42c7d5a9544112876a5e1efb98ae0df7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

42c7d5a9544112876a5e1efb98ae0df7_JaffaCakes118
Size

225KB
MD5

42c7d5a9544112876a5e1efb98ae0df7
SHA1

65442ff1bbcad35d0531baa0e0a87dfe659a2b49
SHA256

2f3a7e66b7dbfe65f0b2c234963574e53593476695459593728f8b45255abcea
SHA512

aa2c156ef19b8cc3df0d27b16e5393b5fbbc1c6c240dec4033b6355957298e26bd73a82b64ca53773af87900cfc653a8d7ffee15204a339cc9e8ff2742077ce3
SSDEEP

6144:eGA5srexXlsTnRjB3IuJMMSLj5TvNxM5ciy2TRMty:HStsRjB31U5hxM6iBQy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42c7d5a9544112876a5e1efb98ae0df7_JaffaCakes118

Files

42c7d5a9544112876a5e1efb98ae0df7_JaffaCakes118
.dll regsvr32 windows:6 windows x86 arch:x86

36ec549b12f955063c2cf9618b28b6a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

findnetprinters.pdb

Imports

msvcrt

malloc
free
_initterm
_XcptFilter
??2@YAPAXI@Z
_vsnwprintf
??3@YAXPAX@Z
memset
time
memcpy
_wcsicmp
iswprint
_purecall
__CxxFrameHandler3
_CIsqrt
_ftol2
_wcslwr
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
_amsg_exit

kernel32

QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetThreadpoolTimer
WideCharToMultiByte
EnterCriticalSection
InterlockedCompareExchange
Sleep
InterlockedExchange
CreateMutexW
GetLastError
CreateThread
ReleaseMutex
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
CloseHandle
SetEvent
CreateEventW
GetModuleHandleExW
GetProcessHeap
HeapFree
InitializeCriticalSection
DeleteCriticalSection
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
GetPrivateProfileStringW
GetSystemDirectoryW
GetPrivateProfileIntW

user32

TranslateMessage
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW

advapi32

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceMessage
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shlwapi

ord219

oleaut32

SysAllocString
SysFreeString

ws2_32

WSACleanup
WSAGetLastError
closesocket
inet_addr
socket
WSAStartup

iphlpapi

GetIpAddrTable
GetNumberOfInterfaces

wsnmp32

ord604
ord603
ord900
ord300
ord600
ord906
ord501
ord105
ord107
ord504
ord602
ord302
ord205
ord301
ord500
ord903
ord200
ord101
ord103
ord220
ord400
ord402
ord999
ord203
ord201
ord204

comctl32

ord321
ord323
ord320
ord327
ord324

ntdll

TpReleasePool
TpReleaseWork
TpWaitForWork
TpReleaseWait
TpWaitForWait
TpSetWait
TpReleaseTimer
TpWaitForTimer
TpReleaseIoCompletion
TpWaitForIoCompletion
TpReleaseAlpcCompletion
TpWaitForAlpcCompletion
TpCallbackMayRunLong
RtlNtStatusToDosError
TpAllocWait

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 168KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36ec549b12f955063c2cf9618b28b6a1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

shlwapi

oleaut32

ws2_32

iphlpapi

wsnmp32

comctl32

ntdll

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 45KB

.data Size: 168KB - Virtual size: 169KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 45KB - Virtual size: 45KB

.data
Size: 168KB - Virtual size: 169KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 3KB